Firewalling

Do not allow that user to write to any directory or file. If you need file access, arbitrate it via IPC with another q process, and pay attention to how that process returns values via .z.pg, .z.ps or similar.

If you want to allow certain IPC calls, implement only the ones you want. Trying to blacklist functions is tricky because some otherwise useful functions have a mode that accesses the disk and may leak information (e.g. the key function). It is much easier to use a whitelist approach. The whitepaper Permissions with kdb+ has some suggestions here.

As the IPC handlers receive either a parse tree or a string (which you could parse yourself), make sure you check the type of the input, e.g. x:$[10h=type x;parse x;x]
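The whitelist approach and the input type check above, combined into one .z.pg/.z.ps handler. This is an added example, not code from the original page or the whitepaper; getTrades and getQuotes are hypothetical entry points over constructed sample tables, and the whitelist, normalise, argOk and isSafe names are this example's own.

```q
/ Added example (not from the original page): a whitelist for .z.pg/.z.ps.
/ Assumptions: getTrades and getQuotes are hypothetical entry points on
/ constructed sample tables; they are the only calls a client may make.

trade:([]time:3#.z.p;sym:`AAPL`MSFT`IBM;price:100 200 300f);
quote:([]time:3#.z.p;sym:`AAPL`MSFT`IBM;bid:99 199 299f;ask:101 201 301f);

getTrades:{[s] select from trade where sym in (),s};
getQuotes:{[s] select from quote where sym in (),s};
allowed:`getTrades`getQuotes;                / the whitelist

/ a string (type 10h) is parsed into a parse tree; anything else is passed
/ through and validated as a parse tree; a string that fails to parse is refused
normalise:{$[10h=type x;@[parse;x;{'`badparse}];x]};

/ an argument is acceptable only if it is plain data
argOk:{
  if[(::)~x;:1b];                          / f[] sends the generic null
  if[-11h=type x;:0b];                     / bare symbol atom = global variable lookup
  if[0h=type x;:0b];                       / general list = nested expression
  not type[x] within 100 112h};            / function values

/ the message must be a call whose head is a whitelisted name
isSafe:{[pt]
  if[not 0h=type pt;:0b];
  if[not -11h=type h:first pt;:0b];
  if[not h in allowed;:0b];
  all argOk each 1_pt};

.z.pg:{[msg] pt:normalise msg; $[isSafe pt;eval pt;'`notallowed]};
.z.ps:.z.pg;                                / async messages get the same check

/ constructed self-checks, run before any client is allowed to connect
if[not isSafe normalise "getTrades[`AAPL]";'`shouldPass];
if[isSafe normalise "getTrades[key `:.]";'`shouldFail];   / nested disk access
if[isSafe normalise "getTrades[secret]";'`shouldFail];    / reads a global
if[isSafe normalise "system \"ls\"";'`shouldFail];        / not whitelisted
```

Anything that is not a top-level call to a whitelisted name with plain-data arguments is refused before eval runs, so a client cannot smuggle in a nested call or a global lookup through an argument.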